The Nexthink Add-on for Splunk enables organizations to ingest endpoint analytics data from Nexthink directly into Splunk by executing saved NQL (Nexthink Query Language) queries via the NQL API v2.
Key Capabilities
Connects to Nexthink's cloud platform using OAuth2 client credentials authentication
Executes saved NQL queries on a configurable collection interval
Ingests results as structured JSON events with customizable sourcetypes (nexthink:*)
Supports multiple Nexthink accounts and regions (US, EU, Asia Pacific, Middle East)
Includes a built-in CIM Mapper UI for mapping Nexthink fields to Splunk Common Information Model fields at search time via FIELDALIAS definitions
Automatically generates eventtype and tag configurations for CIM compliance
Provides a monitoring dashboard for tracking data ingestion health and errors
Implements retry logic with exponential backoff for resilient data collection
Use Cases
IT Operations: Monitor device health, software inventory, and endpoint compliance across your environment
Digital Experience: Bring Nexthink's digital experience scores and metrics into Splunk for correlation with other IT data sources
Security Operations: Enrich security investigations with endpoint context from Nexthink, including device details, OS versions, and user activity
Asset Management: Maintain an up-to-date inventory of devices, hardware configurations, and software installations within Splunk
Supported Nexthink Regions
US (United States)
EU (Europe)
PAC (Asia Pacific)
META (Middle East)
Data Flow
The add-on authenticates with Nexthink's OAuth2 endpoint, executes your saved NQL queries, and writes each result record as an individual JSON event into the Splunk index of your choice. CIM field mappings are applied at search time through FIELDALIAS definitions managed by the built-in CIM Mapper, requiring no data transformation at ingest time.
Categories
Endpoint, IT Operations
Created By
Intelli Platforms